
17 matches found

Tenable Nessus
added 2026/05/09 12:0 a.m. | 3 views

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2026-1696)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1696 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized...

CVSS 7.5 | AI score 6.9 | EPSS 0.00796
Exploits: 2 | References: 12

Tenable Nessus
added 2026/05/09 12:0 a.m. | 3 views

Amazon Linux 2 : runc, --advisory ALAS2ECS-2026-114 (ALASECS-2026-114)

The version of runc installed on the remote host is prior to 1.3.4-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-114 advisory. Arithmetic over induction variables in loops was not correctly checked for underflow or overflow in the Go compiler...

CVSS 9.8 | AI score 6.9 | EPSS 0.00022
Exploits: 0 | References: 18

Amazon
added 2026/05/09 12:0 a.m. | 12 views

Medium: runc

Issue Overview: Arithmetic over induction variables in loops was not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

CVSS 9.8 | AI score 7.4 | EPSS 0.00022
Exploits: 0

Amazon
added 2026/05/05 12:0 a.m. | 6 views

Medium: docker

Issue Overview: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugin privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may...

CVSS 8.1 | AI score 5.8 | EPSS 0.00019
Exploits: 0

Tenable Nessus
added 2026/05/05 12:0 a.m. | 3 views

Amazon Linux 2 : docker, --advisory ALAS2ECS-2026-113 (ALASECS-2026-113)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-113 advisory. Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that...

CVSS 8.1 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 6

Amazon
added 2026/04/30 12:0 a.m. | 3 views

Medium: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's defaul...

CVSS 7.5 | AI score 6.9 | EPSS 0.00796
Exploits: 2

Circl
added 2024/09/20 3:2 a.m. | 1 views

CVE-2024-45807

| creationtimestamp | type | source |
|---|---|---|
| 2024-09-20 03:02:02+00:00 | seen | https://t.me/cvedetector/6095... |

CVSS 7.5 | AI score 7.3 | EPSS 0.00098
Exploits: 0 | References: 1

OSV
added 2024/09/19 11:34 p.m. | 2 views

CVE-2024-45807 oghttp2 crash on OnBeginHeadersForStream in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy 1.31 uses oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this, Envoy will switch off oghttp2 by default. The impact of this issue is that envoy wi...

CVSS 7.5 | AI score 7.4 | EPSS 0.00098
Exploits: 0 | References: 3

CVE
added 2024/09/19 11:34 p.m. | 49 views

CVE-2024-45807

CVE-2024-45807 affects Envoy 1.31.x where the default HTTP/2 codec is the oghttp implementation. The issue stems from bugs in stream management within oghttp2, which can cause Envoy to crash. A fix is available: upgrade to 1.31.2 (addressed in multiple advisories). Workarounds include disabling o...

CVSS 7.5 | AI score 7.5 | EPSS 0.00098
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/09/19 11:34 p.m. | 16 views

CVE-2024-45807 oghttp2 crash on OnBeginHeadersForStream in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy 1.31 uses oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this, Envoy will switch off oghttp2 by default. The impact of this issue is that envoy wi...

CVSS 7.5 | EPSS 0.00098
Exploits: 0 | References: 1

Circl
added 2023/10/17 2:32 a.m. | 2 views

CVE-2023-45807

| creationtimestamp | type | source |
|---|---|---|
| 2023-10-17 02:32:10+00:00 | seen | https://t.me/cibsecurity/72377... |

CVSS 5.4 | AI score 5.4 | EPSS 0.00086
Exploits: 0 | References: 1

CVE
added 2023/10/16 9:33 p.m. | 106 views

CVE-2023-45807

OpenSearch Dashboards contains a tenant-permissions issue where authenticated users with read-only access to a tenant can create, edit, or delete index metadata for dashboards/visualizations in that tenant. This affects metadata only (not index data); read-only verification for data remains intac...

CVSS 5.4 | AI score 5 | EPSS 0.00086
Exploits: 0 | References: 1 | Affected Software: 1

Circl
added 2023/02/03 12:15 a.m. | 1 views

CVE-2022-45807

| creationtimestamp | type | source |
|---|---|---|
| 2023-02-03 00:15:20+00:00 | seen | https://t.me/cibsecurity/57428... |

CVSS 8.8 | AI score 8.1 | EPSS 0.00104
Exploits: 0 | References: 1

NVD
added 2023/02/02 9:22 p.m. | 11 views

CVE-2022-45807

Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin <= 1.0.1 versions...

CVSS 8.8 | AI score 6.5 | EPSS 0.00104
Exploits: 0 | References: 1

Vulnrichment
added 2023/02/02 4:12 p.m. | 8 views

CVE-2022-45807 WordPress WP Mail Log Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin <= 1.0.1 versions...

CVSS 5.4 | AI score 8.1 | EPSS 0.00104
Exploits: 0 | References: 1

CVE
added 2023/02/02 4:12 p.m. | 42 views

CVE-2022-45807

CVE-2022-45807 is a CSRF vulnerability in the WPVibes WP Mail Log plugin, affecting versions <= 1.0.1. The NVD entry reports a CVSS v3.1 base score of 8.8 (HIGH) with network attack vector, requiring user interaction and no privileges, and impact to confidentiality, integrity, and availability...

CVSS 8.8 | AI score 8.1 | EPSS 0.00104
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2022/01/13 6:22 p.m. | 44 views

CVE-2021-45807

CVE-2021-45807 affects jpress v4.2.0. The vulnerability arises from the server-side function io.jpress.web.admin.AddonController::doUploadAndInstall, enabling potential command execution. Connected PT-Security data specifies the issue affects jpress 4.2.0 and currently provides no known fix/versi...

CVSS 9.8 | AI score 9.6 | EPSS 0.0219
Exploits: 1 | References: 3 | Affected Software: 1